<?php
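	// Gate the page: the visitor must be flagged as logged in AND the session id
	// stored in the session must match the current one.
	// The original condition, `!$_SESSION['login'] == 1 && ...`, parsed as
	// `(!$_SESSION['login']) == 1 && ...`, so the session-id comparison was never
	// evaluated for anyone whose 'login' flag was set. Either failure now redirects.
	// NOTE(review): assumes the login script stores session_id() in
	// $_SESSION['sessionid'] - confirm, otherwise every request is redirected.
	session_start();
	if(!isset($_SESSION['login']) || $_SESSION['login'] != 1
		|| !isset($_SESSION['sessionid']) || $_SESSION['sessionid'] !== session_id()) {
		header("Location: ./");
		exit;
	}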
	
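	// Only sessions with privilege level 3 or higher may manage users; everyone
	// else gets the localized "insufficient privileges" message.
	if(!isset($_SESSION['priv']) || $_SESSION['priv'] < 3) {
		$lang = isset($_SESSION['lang']) ? $_SESSION['lang'] : '';
		// $lang is concatenated into an include path. Where the session value is
		// set is not visible in this file, so it is restricted to a plain token
		// (no slashes, dots or NUL bytes) before it reaches require_once.
		if(!is_string($lang) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $lang)) {
			exit;
		}
		require_once("include/lang." . $lang . ".php");
		echo ERR_PRIV;
		exit;
	}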
	
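	// Delete a user (?mode=del&id=N) and go back to the list.
	// NOTE(review): this is a state-changing GET request with no anti-CSRF token,
	// so any page an administrator visits can trigger it. Moving deletion to a
	// POST with a per-session token requires changing the list links as well.
	if(isset($_GET['mode']) && $_GET['mode'] == "del" && !empty($_GET['id'])) {
		header("Location: users.php");
		// rm_user() is defined outside this file, so its handling of $id cannot
		// be checked here; only a plain decimal id is passed on. Arrays and
		// anything with non-digit characters are dropped and just redirect.
		if(is_string($_GET['id']) && preg_match('/\A[0-9]+\z/', $_GET['id'])) {
			include("include/functions.php");
			$id = $_GET['id'];
			$users->rm_user($id);
		}
		exit;
	}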
	
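	// Handle the submitted user form: update an existing user when
	// ?mode=edit&id=N is present, otherwise create a new one, then redirect
	// back to the user list.
	// NOTE(review): no anti-CSRF token is verified before the account change;
	// adding one needs a matching hidden field in both forms further down.
	if(isset($_POST['sub'])) {
		ob_start();
		require_once("include/functions.php");
		// The language code becomes part of an include path, so only a plain
		// token is accepted (no slashes, dots or NUL bytes).
		$lang = isset($_SESSION['lang']) ? $_SESSION['lang'] : '';
		if(!is_string($lang) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $lang)) {
			exit;
		}
		require_once("include/lang." . $lang . ".php");

		// Unchecked checkboxes and disabled inputs are not submitted at all, and
		// a crafted request can send arrays instead of strings. Both cases are
		// normalised to null, which is what a missing field evaluated to before.
		$form = array();
		foreach(array('uname', 'pword', 'group', 'check', 'group2', 'level', 'pin', 'tel') as $field) {
			$form[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : null;
		}
		$uname  = $form['uname'];
		$pword  = $form['pword'];
		$group  = $form['group'];
		$check  = $form['check'];
		$group2 = $form['group2'];
		$level  = $form['level'];
		$pin    = $form['pin'];
		$tel    = $form['tel'];

		// NOTE(review): update_user() and add_user() are defined outside this
		// file. Confirm that they escape or bind every value for SQL and that
		// they validate $level, which is passed through exactly as submitted.
		// NOTE(review): unsalted MD5 is not suitable for password storage. It is
		// kept because the login code, not visible here, has to verify the same
		// format; migrate both sides together to password_hash()/password_verify().
		if(isset($_GET['mode']) && $_GET['mode'] == "edit" && !empty($_GET['id'])) {
			if(empty($uname)) {
				echo ERR_UNAME_FILL;
				exit;
			}
			// Same rule as the edit view: the id must be a plain decimal number.
			if(!is_string($_GET['id']) || !preg_match('/\A[0-9]+\z/', $_GET['id'])) {
				echo "Invalid ID";
				exit;
			}
			$id = $_GET['id'];
			// An empty password field is passed on unhashed.
			if(!empty($pword)) {
				$pword = md5($pword);
			}
			$users->update_user($id, $uname, $pword, $group, $level, $check, $group2 ,$pin , $tel);
		}
		
		else {
			if(empty($pword) || empty($uname)) {
				echo ERR_NOT_FILLED;
				exit;
			}
			$pword = md5($pword);
			$users->add_user($uname, $pword, $group, $level, $check, $group2, $pin, $tel);
		}
		header("Location: users.php");
		ob_end_flush();
		exit;
	}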
	// Rendering path: reached only when none of the handlers above exited.
	// $MySQL and html_start() are not defined in this file; presumably they
	// come from the two includes below - confirm.
	include "include/class.mysql.php";
	include "include/layout.php";

	html_start();
?>

		<br />
		<span class="conin">
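			<?php
				// "New user" form, shown for ?mode=new.
				// Values echoed into HTML are escaped with htmlspecialchars(); the
				// charset argument is left at the PHP default, so pass the page's
				// charset explicitly if it differs.
				// NOTE(review): the form carries no anti-CSRF token; adding one
				// also requires a check in the POST handler at the top of the script.
				if(isset($_GET['mode']) && $_GET['mode'] == "new") {
					// PHP_SELF contains request-supplied path info, so it must not
					// reach the action attribute unescaped.
					$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
			?>
			<fieldset name="fieldset" style="width:300px;">
				<legend><?=CONT_ADD;?></legend>
					<form action="<?=$form_action;?>" method="post">
					<?=LANG_USER;?>:
					<br />
					<input type="text" name="uname" style="width:250px;" />
					<br />
					<?=LANG_PASS;?>:
					<br />
					<input type="password" name="pword" style="width:250px;" />
					<br />
					Pin
					<br />
					<input type="text" name="pin" style="width:250px;" />
					<br />
					Telefone<br />
					<input type="tel" name="tel" style="width:250px;" />
					<br />
					<table style="width:250px;">
						<tr>
							<td style="width:40%;"><?=CONT_GROUP;?></td>
							<td><?=ADDR_OTHER;?></td>
						</tr>
						<tr>
							<td>
					<select name="group">
					<option value="new"><?=CONT_NEW;?></option>
					<?php
						// One <option> per existing group.
						// NOTE(review): die(mysql_error()) prints raw database errors to
						// the browser; log them server-side and show a generic message.
						$MySQL->conn();
						$sql = mysql_query("SELECT group_name FROM " . DB_PREFIX . "groups") or die(mysql_error());
						while($row = mysql_fetch_array($sql)) {
							// strip_tags() leaves quotes and ampersands untouched, so a
							// stored name could break out of the value attribute;
							// htmlspecialchars() with ENT_QUOTES covers both contexts.
							$group_name = htmlspecialchars($row['group_name'], ENT_QUOTES);
							echo "<option value=\"" . $group_name . "\">" . $group_name . "</option>";
						}
						$MySQL->close();
					?>
					</select>
							</td>
							<td><input type="checkbox" name="check" value="1" onclick="verify();" /> <input type="text" style="width:100px;" name="group2" disabled /></td>
						</tr>
					</table>
					<?=CONT_LEVEL;?>
					<br />
					<select name="level">
						<option value="1"><?=LEVEL_GUEST;?></option>
						<option value="2"><?=LEVEL_NORMAL;?></option>
						<option value="3"><?=LEVEL_ADMIN;?></option>
					</select>
					<br /><br />
					<input type="submit" name="sub" value="<?=ADDR_ADD;?>" />
				</form>
			</fieldset>
			<?php
				}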
				// End make new contact
				
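				// Edit section: load one user by id and render a pre-filled form.
				// Every database value is escaped with htmlspecialchars() before it
				// is placed in an attribute or element; the raw values previously
				// printed here allowed stored markup to run in an administrator's
				// browser. The charset argument is left at the PHP default.
				// NOTE(review): the form carries no anti-CSRF token, and the stored
				// PIN is sent back to the browser in clear text.
				elseif(isset($_GET['mode']) && $_GET['mode'] == "edit") {
					if(empty($_GET['id'])) {
						die("No ID");
					}
					// is_numeric() also accepts forms such as "1e3", "1.5" or a
					// leading space; a user id is a plain decimal number.
					if(!is_string($_GET['id']) || !preg_match('/\A[0-9]+\z/', $_GET['id'])) {
						die("Invalid ID");
					}
					
					$MySQL->conn();
					$id = $_GET['id'];
					// $id holds only digits at this point, so the interpolation is safe.
					// NOTE(review): die(mysql_error()) prints raw database errors to the browser.
					$sql = mysql_query("SELECT * FROM " . DB_PREFIX . "users WHERE id = '$id'") or die(mysql_error());
					while($row = mysql_fetch_array($sql)) {
						// PHP_SELF contains request-supplied path info, so it is escaped too.
						$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "?mode=edit&amp;id=" . (int) $row['id'];
						$user_group  = htmlspecialchars($row['user_group'], ENT_QUOTES);
			?>
			<fieldset name="fieldset" style="width:300px;">
				<legend><?=CONT_EDIT;?></legend>
				<form action="<?=$form_action;?>" method="post">
					<?=LANG_USER;?>:
					<br />
					<input type="text" name="uname" style="width:250px;" value="<?=htmlspecialchars($row['uname'], ENT_QUOTES);?>" />
					<br />
					<?=LANG_PASS;?>:
					<br />
					<input type="password" name="pword" style="width:250px;" />
					<br />
					Pin
					<br />
					<input type="text" name="pin" style="width:250px;" value="<?=htmlspecialchars($row['pin'], ENT_QUOTES);?>" />
					<br />
					Telefone
					<br />
					<input type="text" name="tel" style="width:250px;" value="<?=htmlspecialchars($row['tel'], ENT_QUOTES);?>" />
					<br />
					<table style="width:250px;">
						<tr>
							<td style="width:40%;"><?=CONT_GROUP;?></td>
							<td><?=ADDR_OTHER;?></td>
						</tr>
						<tr>
							<td>
					<select name="group">
					<option value="<?=$user_group;?>"><?=$user_group;?></option>
					<option value="new"><?=CONT_NEW;?></option>
					<?php
						$sql2 = mysql_query("SELECT group_name FROM " . DB_PREFIX . "groups") or die(mysql_error());
						while($grp = mysql_fetch_array($sql2)) {
							// strip_tags() does not neutralise quotes inside an attribute.
							$group_name = htmlspecialchars($grp['group_name'], ENT_QUOTES);
							echo "<option value=\"" . $group_name . "\">" . $group_name . "</option>";
						}
					?>
					</select>
							</td>
							<td><input type="checkbox" name="check" value="1" onclick="verify();" /> <input type="text" style="width:100px;" name="group2" disabled /></td>
						</tr>
					</table>
					<?=CONT_LEVEL;?>
					<br />
					<select name="level">
						<option value="<?=htmlspecialchars($row['priv'], ENT_QUOTES);?>">
						<?php
							// Label for the user's current level; other values print nothing.
							switch($row['priv']) {
								case 1:
									echo LEVEL_GUEST;
									break;
								case 2:
									echo LEVEL_NORMAL;
									break;
								case 3:
									echo LEVEL_ADMIN;
									break;
							}
						?></option>
						<option value="1"><?=LEVEL_GUEST;?></option>
						<option value="2"><?=LEVEL_NORMAL;?></option>
						<option value="3"><?=LEVEL_ADMIN;?></option>
					</select>
					<br /><br />
					<input type="submit" name="sub" value="<?=CONT_UPDATE;?>" />
				</form>
			</fieldset>
			
			<?php
					}
					// Release the connection, as the other two views do.
					$MySQL->close();
				// End edit section
				// User list
				}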
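				else {
					// Default view: table of all users with edit and delete links.
					// Database values are escaped with htmlspecialchars() (charset left
					// at the PHP default); strip_tags() leaves quotes and ampersands in place.
					// NOTE(review): the table prints every stored password hash. Unsalted
					// MD5 hashes can be recovered offline, so consider dropping the column.
					// NOTE(review): deletion is still a plain GET link with no anti-CSRF
					// token; it should become a POST protected by a per-session token.
			?>
				<a href="users.php?mode=new"><?=USERS_ADD;?></a>
				<br /><br />
				<table class="contact">
					<tr style="border-bottom:1px dotted #5a4d4d;background-color:#F0F0F0;">
						<td style="padding:5px 5px;"><b><?=LANG_USER;?></b></td>
						<td><b><?=LANG_PASS;?></b></td>
						<td><b><?=USERS_LEVEL;?></b></td>
						<td><b><?=CONT_GROUP;?></b></td>
						<td>&nbsp;</td>
						<td>&nbsp;</td>
					</tr>
				<?php
				
					$MySQL->conn();
					// NOTE(review): die(mysql_error()) prints raw database errors to the browser.
					$sql = mysql_query("SELECT * FROM " . DB_PREFIX . "users ORDER BY uname ASC") or die(mysql_error());
					// Two alternating row background colours.
					$tab_color = array("#F0F0F0", "#FDFDFD");
					$i = 1;
					while($row = mysql_fetch_array($sql)) {
						$user_id   = (int) $row['id'];
						$user_name = htmlspecialchars($row['uname'], ENT_QUOTES);
				?>
						<tr style="border-bottom:1px dotted #5a4d4d;background-color:<?=$tab_color[$i % 2];?>">
						<td style="padding:5px 5px;"><?=$user_name;?></td>
						<td style="text-align:left;width:200px;"><?=htmlspecialchars($row['pword'], ENT_QUOTES);?></td>
						<td style="text-align:left;">
						<?php
						$priv1 = $row['priv'];
						switch($priv1) {
							case 1:
								echo "guest";
								break;
							case 2:
								echo "normal";
								break;
							case 3:
								echo "admin";
								break;
							default:
								echo "<span style=\"color:red;\">[none]</span>";
								break;
						}
						?></td>
						<td style="text-align:left;"><?=htmlspecialchars($row['user_group'], ENT_QUOTES);?></td>
						<td style="text-align:left;"><a href="users.php?mode=edit&amp;id=<?=$user_id;?>"><img src="img/edit.png" style="border:0px;" alt="" /></a></td>
						<?php
							// The user name used to be written into a JavaScript string inside
							// a javascript: URL, where a quote in the name ends the string.
							// It now sits in an ordinary attribute that needs HTML escaping
							// only, and the click handler reads it from there.
						?>
						<td style="text-align:left;"><a href="users.php?mode=del&amp;id=<?=$user_id;?>" data-confirm="<?=USERS_SURE;?> <?=$user_name;?>?" onclick="return confirm(this.getAttribute('data-confirm'));"><img src="img/del.png" style="border:0px;" alt="" /></a></td>
					</tr>
				<?php
					$i++;
					}
					
					$MySQL->close();

				?>
				</table>
				<i>Note: All passwords are MD5 encrypted.</i>
				<br />
				<?php
					// The status message comes straight from the query string, so it is
					// escaped before being echoed; array values are ignored.
					if(isset($_GET['msg']) && is_string($_GET['msg'])) {
						$msg = $_GET['msg'];
						echo "<span style=\"color:red;\">" . htmlspecialchars($msg, ENT_QUOTES) . "</span>";
					}
				}
				// End user list
				?>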
		</span>
<?php
	// Counterpart of the html_start() call above. html_end() is not defined in
	// this file; presumably it comes from include/layout.php - confirm.
	html_end();
?>